CVE-2009-5079

Name of the Vulnerable Software and Affected Versions groff versions prior to 1.22.2

Description The issue concerns multiple vulnerabilities in the groff package that can be exploited to compromise the integrity and availability of protected information. Exploitation can be performed remotely. Specifically, certain scripts in GNU troff, including gendef.sh, doc/fixinfo.sh, and contrib/gdiffmk/tests/runtests.in, are vulnerable to a symlink attack, allowing local users to overwrite arbitrary files via a temporary file in /tmp.

Recommendations For groff versions prior to 1.22.2, update to version 1.22.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable scripts gendef.sh, doc/fixinfo.sh, and contrib/gdiffmk/tests/runtests.in to minimize the risk of exploitation. Avoid using temporary files in /tmp that could be targeted by a symlink attack until the issue is resolved.